TMCnet Feature

Spammers Infiltrate Apple iMessage Network

Over the past year, Apple’s iMessage instant messaging service has fallen victim to abuse by spammers, as any communication platform inevitably will.

The conditions are perfect for a potential spammer: it is simple to set up an iMessage account with any phone number or email address, there is a massive pool of users to draw from, messages are completely free and there is no limit to the number a user can send. Only a few lines of AppleScript code are necessary for commanding a Mac to send out messages, making it incredibly easy to quickly blast long lists of victims with spam.

A startling recent article in Wired claimed that iMessage accounted for over thirty percent of all spam messages, based on data reported by Tom Landesman from the security and anti-spam company Cloudmark. However, a third party investigation carried out by Macworld, during which they contacted Landesman for clarification of these numbers, found that this statistic applied only to the summer months of 2014 and, more significantly, referred specifically to “unwanted messages reported to the GSMA’s Spam Reporting Services.” This introduces an immense bias, calling into question the exact significance of iMessage spam.

Landesman gave Macworld some harder numbers during their conversation, estimating that Cloudmark has seen approximately several million iMessage spam messages per month in the U.S. Meanwhile, Apple CEO Tim Cook recently announced that the company handles around 100 billion iMessage communications per month. Generously representing the “several million” spam messages as 10 million, a rough calculation shows that a mere 0.01 percent of all iMessage communications are spam messages. This is honestly quite negligible and right on par with, if not preferable to, the numbers many other messaging services experience.

Regardless of spam’s actual severity on the iMessage platform, there is an infrastructure in place to help solve and prevent issues with unwanted messages. Users can report spam to Apple directly, although it is a slightly cumbersome process that involves taking a screenshot and including the phone number or email address of the spammer, as well as the date and time of the message. Alternatively, it is possible to limit iMessage communication to only those on one’s contact list.

iMessage spam may not be as big a deal as Wired made it out to be, but it should nonetheless be kept in mind by Apple’s security and development teams. Keeping situations like this in check is what allows messaging platforms to maintain avenues of communication that are as secure and uncluttered as possible.